Link to home
Avatar of Tacobell2000
Tacobell2000Flag for Canada

asked on

dns errors show up in the event log: nx domain


Hello,

On 1 domain controller running Windows 2003 sp2 the event log is full of dns errors Event Id:7050. I enabled dns logging on the server and found this:

20080722 07:05:27 B8C PACKET  UDP Rcv 72.29.224.33    3b60 R Q [8081   DR  NOERROR] (6)bounce(4)geni(3)com(0)

20080722 07:05:27 B8C PACKET  UDP Snd 10.1.0.0     6222 R Q [8081   DR  NOERROR] (6)bounce(4)geni(3)com(0)

20080722 07:05:27 F6C PACKET  UDP Rcv  10.1.0.0    a384   Q [0001   D   NOERROR] (6)bounce(4)geni(3)com(0)

20080722 07:05:27 F6C PACKET  UDP Snd 72.29.224.33    136d   Q [0001   D   NOERROR] (6)bounce(
20080722 07:05:27 2E4 PACKET  UDP Snd 72.29.224.49    2b5a   Q [0001   D   NOERROR] (14)tastyhottreats(3)com(0)

20080722 07:05:27 F6C PACKET  UDP Rcv 72.29.224.49    2b5a R Q [8083  TDR  NOERROR] (14)tastyhottreats(3)com(0)

20080722 07:05:27 B8C PACKET  UDP Rcv 72.29.224.33    136d R Q [8081   DR  NOERROR] (6)bounce(4)geni(3)com(0)

20080722 07:05:27 B8C PACKET  UDP Snd  10.1.0.0      a384 R Q [8081   DR  NOERROR] (6)bounce(4)geni(3)com(0)

20080722 07:05:27 B8C PACKET  UDP Rcv  10.1.0.0      21dd   Q [0001   D   NOERROR] (2)23(2)87(2)78(3)208(2)bl(7)spamcop(3)net(0)

20080722 07:05:27 B8C PACKET  UDP Snd 72.29.224.33    0b74   Q [0001   D   NOERROR] (2)23(2)87(2)78(3)208(2)bl(7)spamcop(3)net(0)

20080722 07:05:27 2BC PACKET  TCP Snd 72.29.224.49    2b5a   Q [0001   D   NOERROR] (14)tastyhottreats(3)com(0)

20080722 07:05:27 2BC EVENT   The DNS server recv() function failed.
The event data contains the error.
20080722 07:05:27 B8C PACKET  UDP Rcv 72.29.224.33    0b74 R Q [8381   DR NXDOMAIN] (2)23(2)87(2)78(3)208(2)bl(7)spamcop(3)net(0)

20080722 07:05:27 B8C PACKET  UDP Snd  10.1.0.0      21dd R Q [8381   DR NXDOMAIN] (2)23(2)87(2)78(3)208(2)bl(7)spamcop(3)net(0)

20080722 07:05:27 B8C PACKET  UDP Rcv  10.1.0.0      21dd   Q [0001   D   NOERROR] (2)23(2)87(2)78(3)208(7)sbl-xbl(8)spamhaus(3)org(0)

20080722 07:05:27 B8C PACKET  UDP Snd 72.29.224.33    1b78   Q [0001   D   NOERROR] (2)23(2)87(2)78(3)208(7)sbl-xbl(8)spamhaus(3)org(0)

The error in the event log shows that it happened at 07:05:27.
I have no idea how to interpret the above.

please help,

Tacobell2000
Avatar of dalesit
dalesit

This looks to me like you have some sort of anti-spam DNS blackhole querying going on.

When an inbound email arrives, the sender and/or urls listed in the email are checked against realtime blacklists. In this case it looks like bl.spamcop.net and sbl-xbl.spamhaus.org.

Cheers,

Joel
Avatar of Tacobell2000

ASKER

yes....but do you think this is generating the DNS errors?

Tacobell2000
ASKER CERTIFIED SOLUTION
Avatar of dalesit
dalesit

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
thanks.